[Webinar] Streamline your web hosting managementRegister Today

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2504
  • Last Modified:

ACE probe question

I have a couple of servers that were hardened by our web guru. They are locked down pretty tight and refuse to give up information easily. I'm new to the cisco ACE and I'm trying to figure out if my statements are correct and the servers are locked down funny, or if I have the statements wrong/missing something in the probe itself.

Please note that i can get the servers I want just fine if I don't put the probe in. The file /index.shtml fine. I'm using head here because I don't care if the page is completely formed, just that it exists and there are some largish files on the page and I don't care to download the whole thing.

So I have the probe set in the serverfarm only (the rservers are currently set to "inservice" with no probe)

so the serverfarm has "probe ProdServerProbe"

the definition for the "Prod ServerProbe" is as follows

probe http ProdServerProbe
  interval 30
  passdetect interval 60
  request method head url /index.shtml
  open 1

One thing I didn't get from the documentation (maybe I didn't read it well is) is whether passdetect inverval needs to be greater than interval

The server does have a /index.shtml
The server does respond to http on port 80
I can "bypass" the ACE by typing in the URL and I can see the page just fine
If I turn off probing the site seems to work just fine.

Please let me know if my config is screwy or if this is just a case of the server being locked down more than the ACE can bypass.
  • 3
  • 2
1 Solution
Hi there,

can you paste an output of

"show probe ProdServerProbe detail"


"show serverfarm ##name##"


It sounds like the probes might not be detecting the server as OPERATIONAL at all.

donackerAuthor Commented:
I have included this. I was aware that it was not "connecting" what I'm trying to ascertain is as follows:

Is  the probe I posted above configured in such a way it will always fail, or does that probe look like it should work. If it should work than  I am likely to assume that the problem is the way that these servers were tweaked.

The following output is shown

show probe ProdServerProbe detail

 probe       : ProdServerProbe
 type        : HTTP
 state       : ACTIVE
 description :
   port      : 80      address     :         addr type  : -          
   interval  : 30      pass intvl  : 60              pass count : 3    
   fail count: 3       recv timeout: 10  
   http method      : HEAD
   http url         : /index.shtml
   conn termination : GRACEFUL  
   expect offset    : 0         , open timeout     : 1        
   expect regex     : -
   send data        : -
                ------------------ probe results ------------------
   associations ip-address      port  porttype probes   failed   passed   health
   ------------ ---------------+-----+--------+--------+--------+--------+------
   serverfarm  : ProdServers
     real      : ProdWeb1-Pri[80]

     real      : ProdWeb1-Sec[80]

     real      : ProdWeb2-Pri[80]

     real      : ProdWeb2-Sec[80]
          80    REAL     4977     4977     0        FAILED

   Socket state        : CLOSED
   No. Passed states   : 0         No. Failed states : 1
   No. Probes skipped  : 0         Last status code  : 403
   No. Out of Sockets  : 0         No. Internal error: 0
   Last disconnect err : Received invalid status code
   Last probe time     : Mon Apr  5 05:29:43 2010
   Last fail time      : Fri Apr  2 09:22:16 2010
   Last active time    : Never

     real      : ProdWeb3-Pri[80]

     real      : ProdWeb3-Sec[80]

show serverfarm ProdServers

 serverfarm     : ProdServers, type: HOST
 total rservers : 6
       real                  weight state        current    total      failures
   rserver: ProdWeb1-Pri       8      OUTOFSERVICE 0          0          0
   rserver: ProdWeb1-Sec       8      OUTOFSERVICE 0          0          0
   rserver: ProdWeb2-Pri       8      OUTOFSERVICE 0          0          0
   rserver: ProdWeb2-Sec       8      PROBE-FAILED 0          17         0
   rserver: ProdWeb3-Pri       8      OUTOFSERVICE 0          0          0
   rserver: ProdWeb3-Sec       8      OUTOFSERVICE 0          0          0
Hi donacker,

Thanks for the output.

The probe is failing with error code 403:
"Last status code  : 403"
"Last disconnect err : Received invalid status code"

403 indicates that the address if forbidden. It doesn't bode well, but you'll also need to configure an expected status code as per the attached code. My example marks only the 200 OK status (range 200-200) as a successful probe.

As a test you could change the range to 200-403. The probes should then succeed and mark your server as ACTIVE. This won't solve the problem of the forbidden page, which will either be down to a non-existent page (unlikely based on what you've said) or a permission problem (quite possible based on what you've said!).

Hope this helps.

probe http ProdServerProbe
  interval 30
  passdetect interval 60
  request method head url /index.shtml
  expect status 200 200
  open 1

Open in new window

donackerAuthor Commented:
Considering the fights I've had with this unit whenever urls come into play let me verify that I have correctly written the page in the request method.

If I have www.example.com/index.shtml

do I enter

1) index.shtml
2) /index.shtml
3) www.example.com/index.shtml
4) http://www.example.com/index.shtml

Featured Post

IT Degree with Certifications Included

Aspire to become a network administrator, network security analyst, or computer and information systems manager? Make the most of your experience as an IT professional by earning your B.S. in Network Operations and Security.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now